Getting Started & How to Complete

an OPSEC Assessment v.1.0 2016

Table of Contents

3. Getting Started 5. Creating a New Assessment 9. Conducting an Assessment 30. Appendix A

2

Getting Started: 1. On SIPRNET, navigate to:

https://eprm.csd.disa.smil.mil/. 2. If you already have an EPRM user

profile, login with your SIPRNET email address. To request a user profile, click on the “Request a User Profile” button at the bottom of the page.

3. Click on Compose E-mail to request a user profile. Ensure you include all of the required information. You may also request an account by sending all of the information in the box to the left to eprmhelp@alionscience.com from your NIPRNET email.

4. You will receive an auto-generated email with your temporary password within 7-10 business days.

5. Once you receive your auto-generated email, follow step 2 on how to login to EPRM. 3

Getting started (continued): 6. Once you are logged in, select Change Password from the drop-down menu in the top right corner of

the screen.

4

Creating a New Assessment: 1. To create a new assessment, click the red Create a New Assessment button.

5

Creating a New Assessment (continued):

6

2. Name your assessment 3. Enter what organization you

are assessing 4. Select OPSEC as your

assessment type 5. Choose your unit or organization’s

node. This allows for the assessment to be viewed by your organization and is essential for higher level analysis and the control of unit information.

NOTE: *You have privileges to nodes in Black *You do not have privileges to nodes in Red *Gray nodes are expired and assessment cannot be created on them.

Creating a New Assessment (continued): 7. This page will only display if you have previously created an assessment or have permission to

view previously created assessments or there are templates that can be inherited from. On this page you will be given the option to either start a new assessment from scratch or copy all of the responses from an existing assessment or inherit from one or more templates. These features reduce the amount of data entry required for recurring assessments.

Once you click the radio button next to

Copy from an existing assessment, all of the available assessments

will appear. Double click on the

assessment that you would like to copy.

7

Creating a New Assessment (continued):

8

8. If there are templates that

can be inherited from, you can view them by selecting the “Inherit from one or more previously created templates” button. You can then select the templates you wish to inherit from the box on the left. Inherited templates will then display in the box on the right.

Conducting an Assessment: You are now at the assessment home page and are ready to begin your assessment. 1. Click on the Profile icon to begin your assessment by entering data about yourself and your

organization.

You may use these administrative functions at anytime during your assessment. See Appendix A for specific instructions on how to use these functions.

9

The YOU ARE HERE medallion will show you which step you

are currently on. This is the basic assessment information, it includes: • The assessment name and

number. • The name of the entity

being assessed. • The date the assessment

was created and it’s status. • The owner of the

assessment. • The dataset the

assessment is using.

Conducting an Assessment (continued): 2. Click on the Assessor Information icon to begin entering information

about yourself and your organization.

10

Icons will remain locked until the previous step is

completed.

Conducting an Assessment (continued): 3. This page captures contact information of the

individual conducting the assessment. Be sure to enter information into all of the required fields.

11

Individuals listed in this section do not

necessarily have or need to have accounts, they

can obtain one by following the directions

on page 1.

12

Conducting an Assessment (continued): 4. The Additional POCs page

allows you to store contact information for individuals that provide answers or assist you while conducting the assessment. Click Add New Entry to add additional POCs and be sure to include all required information. Once you are finished, click Finished Adding POCs then Continue.

Conducting an Assessment (continued):

13

The Answer ‘No’ to All Unanswered button will help you save time on screens where every item or question requires an answer to proceed. Choose Yes for items or questions that apply to you, then click the Answer ‘No’ to All Unanswered button to quickly answer the remaining items or questions.

The About the Organization page asks questions to filter the content you will use to conduct the assessment. 5. Answer all of the

required questions then click Continue.

Conducting an Assessment (continued): The Operating Environment page allows you to select which protection areas you will be assessing. You may select one or multiple protection areas for your assessment. 6. Answer all questions then click Continue.

14

Conducting an Assessment (continued): You are now ready to choose your critical assets. 7. Click on the Critical Assets icon.

15

Conducting an Assessment (continued):

16

You may now select your critical assets. This section is where you will select which assets you want to include in your assessment and rate their criticality. 8. In the Critical Assets section

you can view assets by individual category or show all critical asset types in one list.

Conducting an Assessment (continued): Throughout the assessment process data is displayed in grids. The girds provide you the ability to sort, query, export, and print the contents to make the assessment process more efficient. The text fields above each column allow you to query the contents. You may query multiple columns at one time.

17

Print Preview Open (same as double

clicking on row)

Export to Excel Reload GridData

Click on the arrow to the right of each column name to sort the contents.

Conducting an Assessment (continued):

18

9. Click Yes to include an asset in your

assessment or No to exclude it. When you select Yes, a pop-up box will appear, use the rating scale to assign criticality, then click Submit to proceed to the next critical asset.

Conducting an Assessment (continued):

19

If desired, you may add a comment to a specific critical asset. You will also have the ability to add a comment to threats and countermeasures.

10. To add a comment, click on the

critical asset(1) to highlight the row then click the Add/View Comment button above the grid.(2) Type your comment in the text box, then click Save to continue.(3) A comment icon, “ ” will appear in the comment column. To view or edit your comment, double click on the comment icon.(4)

11. Once you have selected

responses for all of the critical assets, click Continue.

(2)

(1)

(3)

(4)

Conducting an Assessment (continued): 12. After you have completed the Critical

Assets section the category icons will be green. Click the Continue button to return to the assessment home page.

20

Conducting an Assessment (continued): You are now ready to choose the threats to include in your assessment. 13. Click on the Threat Characterization icon.

21

Conducting an Assessment (continued):

22

You may now select the threats your organization may encounter and rate their severity. 14. To view all of the available threats

click on the Show All Threats icon or to view threats by method click on one of the icons below.

Conducting an Assessment (continued):

23

15. Click Yes to include a threat

in your assessment, or No to exclude it. When you select Yes, a pop-up box will appear, select the threat severity. Once you have selected responses for all of the threats, click Continue.

Conducting an Assessment (continued):

24

16. After you have completed the Threat Characterization section the category icons will be green. Click the Continue button to return to the assessment home page.

Conducting an Assessment (continued): You are now ready to select the countermeasures that you currently have in place. 17. Click on the Countermeasures icon.

25

Conducting an Assessment (continued):

26

You may now select the countermeasures your organization currently has in place to determine your vulnerability. 18. To view all of the available countermeasures click on the Show All Countermeasures icon or to view countermeasures by type click on one of the icons below.

Conducting an Assessment (continued): 19. You may select Yes, No, or N/A (Not Applicable) to any question. If you select N/A, you will be

required to enter an explanation. Once you have answered all of the questions, click Continue to proceed.

27

For guidance while completing the

Countermeasures section, double click on the countermeasure to

be presented with a pop-up box containing

guidance, explanations, and references.

28

Conducting an Assessment (continued): 20. After you have

completed the Countermeasures section the category icons will be green. Click the Continue button to return to the assessment home page.

Conducting an Assessment (continued): 21. You are now ready to finish the assessment. You will only have the ability to finish the assessment if

you are the original assessment owner. Click on the Finish Assessment icon.

29

22. After you have finished the assessment, click the Analysis icon to proceed to Analysis.

21.

22.

Appendix A Index: 1. Rename 2-3. Share This Assessment 4-5. Change Owner 6. Delete 7-8. File/Image Upload 9-10. Reports

Appendix A

Rename: The Rename feature allows you to change the name of the assessment. Click Rename, enter the new name in the box provided, then click OK to save the change.

Appendix A – Rename - 1

Share This Assessment: The Share feature allows you to give other EPRM users in your Subscriber Account access to your assessment. You may allow others to read, edit, and/or conduct analysis depending on the privileges you allow. Click Share This Assessment then proceed to the next slide for additional instructions.

Appendix A – Share - 2

1. Find the user you want to share the assessment with.

2. Assign the privileges you want the user to have on the assessment you are sharing

Appendix A – Share - 3

Share This Assessment (continued): When you share an assessment with another user you will have to select what privileges you want them to have. “Read Only” privileges allow another user to view all of the assessments’ critical assets, threats, countermeasures, and analysis. “Read/Write” privileges allow another user to view and edit all of the assessments’ critical assets, threats, countermeasures, and analysis.

Change Owner: The Change Owner feature allows you to transfer ownership of the assessment to another EPRM user. Once ownership is transferred to a new owner, the original owner no longer has any access to the assessment. Click Change Owner then proceed to the next slide for additional instructions.

Appendix A – Change Owner - 4

Change Owner (continued):

Select a user to transfer

ownership to from the drop down list, then click Change to

complete.

Appendix A – Change Owner - 5

Once you click the Change button the new owner will be notified by email and you will no longer have access to the assessment.

Delete: The Delete feature allows you to permanently delete an assessment. Once the assessment has been deleted it will not be recoverable. Click Delete, then a pop-up box will appear to ensure you want to delete the assessment. If you click Yes, the assessment will be deleted and you will be returned to the EPRM home page.

Appendix A – Delete - 6

File/Image Upload: 1. The File/Image Upload feature allows you to attach supporting documents and pictures to the

assessment. Click File/Image Upload then proceed to the next slide for additional instructions.

Appendix A – File/Image Upload - 7

File/Image Upload (continued): The maximum file size is 10MB per uploaded file.

1. Double click Browse to select the file you wish to upload.

2. Once you have selected the file, click Upload. Your file will now appear in the grid.

Appendix A – File/Image Upload - 8

All uploaded files will appear in the grid at the bottom

of the page.

A message will let you know when the file has been

successfully uploaded.

Reports: The Reports feature allows you to generate reports in Excel, Word, or PowerPoint from the assessments information. Click Reports to view all of the available reports.

Appendix A – Reports - 9

Reports: The links to specific reports will be grayed out and unavailable when an assessment is started. As you progress through the assessment, reports for completed sections will turn blue as they become available.

Appendix A – Reports - 10